> I don't believe you can run a bridge over a VPN (it is not impossible in
> principle, but I've never seen it actually done ... since a VPN is a
> Network-Layer link, you'd have to encapsulate Ethernet frames in IP
> datagrams ... this isn't quite as weird as it sounds, but it is *almost* as
> weird as it sounds ... so you are unlikely to find what you need off the
> shelf). So we scratch approach #3 and stick with routing rather than bridging.

You need to talk to more Microsoft people (motto: Microsoft doesn't understand how tcp/ip works.) The L2TP protocol used by M$ WANs is a Layer 2 Tunneling Protocol (hence the name), which enables your systems to propagate Layer 2 packets (including broadcasts and arp requests) over a WAN. This is actually billed as a *FEATURE* of their WAN software vs. the competition, which doesn't have such a feature. The fact that no-one should be so insane as to actually *WANT* to pipe broadcast packets across their WAN is apparently lost on the market-droids (and MS networking programmers).

> That leaves proxy arp (approach #2). I have not seen that combined with a
> VPN, but I can't think of any reason why the two would not work together.
> You establish a VPN between Bering 1 and Bering 2, then tell Bering 1 that
> that VPN interface is its route to network a.b.c.d/netmask. You also tell
> it to proxy-arp network a.b.c.d/netmask on its external interface.

I believe this is fundamentally how the "extruded subnet" feature of FreeS/WAN operates, although I have not yet tested a setup like this personally.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
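
Added example, not part of the original message or of any LEAF/FreeS/WAN code: a simplified Python model of the proxy-arp plus VPN-route setup described above, showing which ARP requests "Bering 1" would answer on its external interface. It assumes the Linux-style rule that an interface with proxy ARP enabled answers for any address routed out a different interface; all addresses, prefixes and interface names (`eth0`, `eth1`, `ipsec0`) are constructed.

```python
import ipaddress

# Constructed routing table for "Bering 1" (addresses and device names are assumptions).
ROUTES = [
    ("192.0.2.0/24", "eth0"),      # external segment
    ("192.0.2.128/28", "ipsec0"),  # stands in for a.b.c.d/netmask, reached via the VPN
    ("10.0.0.0/24", "eth1"),       # internal LAN
    ("0.0.0.0/0", "eth0"),         # default route
]
# Proxy ARP is switched on per interface, not per subnet (modelled assumption).
PROXY_ARP = {"eth0": True, "eth1": False, "ipsec0": False}


def route_lookup(target, routes=ROUTES):
    """Longest-prefix match: return the outgoing device for target, or None."""
    addr = ipaddress.ip_address(target)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def answers_arp(in_dev, target, routes=ROUTES, proxy=PROXY_ARP):
    """True if an ARP request for target arriving on in_dev gets a proxy reply."""
    if not proxy.get(in_dev, False):
        return False
    out_dev = route_lookup(target, routes)
    # Reply only when the target is routed out some other interface.
    return out_dev is not None and out_dev != in_dev


def unintended_proxy_prefixes(in_dev, intended, routes=ROUTES, proxy=PROXY_ARP):
    """Routed prefixes in_dev would also answer for, beyond the intended one."""
    if not proxy.get(in_dev, False):
        return []
    wanted = ipaddress.ip_network(intended)
    extra = []
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dev != in_dev and not net.subnet_of(wanted):
            extra.append(prefix)
    return extra


if __name__ == "__main__":
    for ip in ("192.0.2.130", "192.0.2.5", "10.0.0.7", "198.51.100.1"):
        print(ip, "->", route_lookup(ip), "proxy reply:", answers_arp("eth0", ip))
    print("also answered:", unintended_proxy_prefixes("eth0", "192.0.2.128/28"))
```

In this model the external interface also answers for the internal LAN prefix, so a per-interface proxy-arp switch is worth checking against every route on the box, not only the VPN subnet.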